From 2876260269af4257c35e7f0357042dfe50a2ae01 Mon Sep 17 00:00:00 2001 From: Bozhidar Slaveykov Date: Mon, 14 Feb 2022 13:20:56 +0200 Subject: [PATCH] update xss security --- src/MicroweberPackages/CustomField/FieldsManager.php | 5 +++-- src/MicroweberPackages/Helper/HTMLClean.php | 7 ++++++- src/MicroweberPackages/Option/OptionManager.php | 5 +++++ 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/src/MicroweberPackages/CustomField/FieldsManager.php b/src/MicroweberPackages/CustomField/FieldsManager.php index ec6dbf42e4a..a42551bb1c9 100644 --- a/src/MicroweberPackages/CustomField/FieldsManager.php +++ b/src/MicroweberPackages/CustomField/FieldsManager.php @@ -3,6 +3,7 @@ namespace MicroweberPackages\CustomField; use MicroweberPackages\CustomField\Fields\Text; +use MicroweberPackages\Helper\HTMLClean; use MicroweberPackages\Helper\XSSSecurity; use function Matrix\trace; use MicroweberPackages\CustomField\Events\CustomFieldWasDeleted; @@ -306,8 +307,8 @@ public function save($fieldData) return false; } - $xssClean = new XSSSecurity(); - $fieldData = $xssClean->clean($fieldData); + $xssClean = new HTMLClean(); + $fieldData = $xssClean->cleanArray($fieldData); if (isset($fieldData['copy_of']) and $fieldData['copy_of']) { diff --git a/src/MicroweberPackages/Helper/HTMLClean.php b/src/MicroweberPackages/Helper/HTMLClean.php index d9cac9b20fd..c57f16c663d 100644 --- a/src/MicroweberPackages/Helper/HTMLClean.php +++ b/src/MicroweberPackages/Helper/HTMLClean.php @@ -5,11 +5,16 @@ class HTMLClean { public function cleanArray($array) { + if (is_array($array)) { $cleanedArray = []; foreach ($array as $key=>$value) { - $cleanedArray[$key] = $this->clean($value); + if (is_array($value)) { + $cleanedArray[$key] = $this->cleanArray($value); + } else { + $cleanedArray[$key] = $this->clean($value); + } } return $cleanedArray; 
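Review bot: In `save()` the `XSSSecurity` pass is removed rather than kept next to the new `HTMLClean` call, so what is filtered from custom-field data now depends entirely on `HTMLClean::clean()`, whose body is not part of this patch. If the swap is deliberate, say so at the call site, e.g. `// HTMLClean replaces XSSSecurity here because it recurses into nested field values; output must still be escaped per context`, and add a regression test that saves a field containing markup and asserts what is stored. The `use MicroweberPackages\Helper\XSSSecurity;` import is kept by the first hunk and may now be unused, and `$xssClean` would read better as `$htmlClean`. `save()` begins and ends outside the hunk, so other uses of either name cannot be checked from here.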
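Review bot: `cleanArray()` sanitizes values only: `$cleanedArray[$key] = ...` copies every key through unchanged at each nesting level, so a key taken from request data reaches the caller's storage code unfiltered. If any caller persists or renders keys, validate them against the expected field names before this loop; at minimum document the contract with `// Only values are cleaned; keys are copied as-is and must be validated by the caller`. Non-string scalars (int, bool, null) are also handed to `clean()`, which may change their type, though that is not visible here. The rest of the function, including what is returned for a non-array argument, lies outside the hunk.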
diff --git a/src/MicroweberPackages/Option/OptionManager.php b/src/MicroweberPackages/Option/OptionManager.php index 07a4dc559ee..01a5091f111 100644 --- a/src/MicroweberPackages/Option/OptionManager.php +++ b/src/MicroweberPackages/Option/OptionManager.php @@ -14,6 +14,7 @@ use DB; use Cache; +use MicroweberPackages\Helper\HTMLClean; use MicroweberPackages\Option\Models\ModuleOption; use MicroweberPackages\Option\Models\Option; use MicroweberPackages\Option\Traits\ModuleOptionTrait; @@ -349,6 +350,10 @@ public function save($data) $data = parse_params($data); } + $xssClean = new HTMLClean(); + $data = $xssClean->cleanArray($data); + + $this->clear_memory(); app()->option_repository->clearCache();
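Review bot: The new `cleanArray($data)` call in `save()` runs on every option write regardless of caller, so option values that are not HTML (JSON, URLs with query strings, embed snippets) could be rewritten if `HTMLClean::clean()` strips or encodes characters; its body is not in this patch. Either restrict the pass to the keys that hold user-facing text or state the behaviour at the call site, e.g. `// Every option value is HTML-sanitized on save; non-HTML payloads may be altered`. A round-trip test that saves and reloads a non-HTML value would catch silent corruption. It is also not visible what `$data` is when the `parse_params` branch is skipped and the argument is not an array; `save()` continues outside the hunk.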